CVE-2012-2398

ownCloud <3.0.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.

References (4)

Scores

EPSS 0.0029
EPSS Percentile 51.6%

Classification

CWE
CWE-79
Status published

Affected Products (4)

owncloud/owncloud < 3.0.2
owncloud/owncloud_server
owncloud/owncloud_server
n/a/n/a

Timeline

Published Apr 20, 2012
Tracked Since Feb 18, 2026